Splunk Search

How to chart job ending time - Time on Y Axis / Day on X Axis ?

sjringo
Contributor

If I am starting with this query:

index=anIndex sourcetype=aSourcetype ( aJobName AND "COMPLETED OK" )

The job im intereted in runs once perday.

I would like completion time on the Y Axis and the day on the X axis.

I found this previous piece of code but am not sure how to adapt to my query results ?

| eval _time=strptime(timestamp,"%F %T.%Q")
| eval t=split(substr(timestamp, 12, 8),":")
| eval h=mvindex(t,0), m=mvindex(t,1), s=mvindex(t,2)
| eval v=(h)+(m/100)
| bin _time span=1d
| chart max(v) over _time by job

 

Labels (1)
Tags (1)
0 Karma
1 Solution

bowesmana
SplunkTrust
SplunkTrust

So, if the _time field in the COMPLETED OK event is the end time of your job, then if you want to display the time of day as the Y-axis, then you can do

 

| eval t=split(strftime(_time, "%H:%M:%S"), ":")
| eval h=mvindex(t,0), m=mvindex(t,1), s=mvindex(t,2)
| eval v=(h)+(m/100)
| bin _time span=1d
| chart max(v) over _time by job

 

where job is a field name with the job name

It will give you a y-axis value of hours + decimal value of minutes. i.e. 9:48 will be 9.48 

View solution in original post

bowesmana
SplunkTrust
SplunkTrust

So, if the _time field in the COMPLETED OK event is the end time of your job, then if you want to display the time of day as the Y-axis, then you can do

 

| eval t=split(strftime(_time, "%H:%M:%S"), ":")
| eval h=mvindex(t,0), m=mvindex(t,1), s=mvindex(t,2)
| eval v=(h)+(m/100)
| bin _time span=1d
| chart max(v) over _time by job

 

where job is a field name with the job name

It will give you a y-axis value of hours + decimal value of minutes. i.e. 9:48 will be 9.48 

Get Updates on the Splunk Community!

Monitoring Postgres with OpenTelemetry

Behind every business-critical application, you’ll find databases. These behind-the-scenes stores power ...

Mastering Synthetic Browser Testing: Pro Tips to Keep Your Web App Running Smoothly

To start, if you're new to synthetic monitoring, I recommend exploring this synthetic monitoring overview. In ...

Splunk Edge Processor | Popular Use Cases to Get Started with Edge Processor

Splunk Edge Processor offers more efficient, flexible data transformation – helping you reduce noise, control ...